Zero Trust Security Strategy: Expert Insights on Implementation
In an era where traditional perimeter-based security has become obsolete, organizations are racing to adopt a fundamentally different approach to protecting their digital assets. [Zero trust](/pillars/zero-trust/) security—a concept that's been around for over two decades—has finally moved from industry buzzword to business imperative, especially as remote work, cloud migration, and sophisticated threat actors have rendered castle-and-moat security architectures dangerously ineffective. But implementing zero trust isn't about buying a single product or flipping a switch; it's a strategic journey that requires careful planning, the right mix of technologies, and a commitment to continuous improvement. In this episode of Security in 45, hosts Mike Veedock and Andres Sarmiento explore what zero trust really means, how to approach implementation, and the critical technologies that make it work in practice.
What This Episode Covers
- The origins and evolution of zero trust as an industry concept
- Why zero trust is fundamentally different from traditional security models
- The role of multi-factor authentication (MFA) in zero trust strategies
- Endpoint protection and network segmentation as core pillars
- Real-world examples of zero trust in consumer and enterprise contexts
- The importance of balancing security with user experience
- Why a multi-vendor approach is essential to comprehensive zero trust deployment
- Practical considerations for planning and implementing zero trust initiatives
- Common pitfalls and how to avoid rushing implementation
Deep Dive
Understanding Zero Trust: Beyond the Buzzword
Zero trust isn’t a new invention—the concept emerged more than 20 years ago as security professionals recognized that the traditional model of “trust but verify” was fundamentally flawed. In a zero trust framework, the basic assumption is inverted: nothing is trusted by default, whether it originates from inside or outside the network perimeter. Every access request, every user, every device, and every application must be verified and validated before granting access.
This is a critical distinction that often gets lost in marketing messaging. Zero trust is not a product you can purchase and install. Rather, it’s an industry-wide security philosophy that vendors across the ecosystem contribute to with specialized products, capabilities, and services. When you’re building a zero trust architecture, you’re assembling components from multiple vendors, each designed to enforce zero trust principles in different parts of your infrastructure and user experience.
The evolution toward zero trust reflects a hard-earned lesson from decades of security incidents: perimeter-based security is insufficient. Once an attacker breaches the network boundary—and in today’s threat landscape, they eventually will—they often have relatively free movement within the network. Zero trust eliminates that assumption of internal trust, treating every resource access as if it could be compromised.
Multi-Factor Authentication: The Foundation Layer
At the heart of zero trust implementation is multi-factor authentication (MFA). This isn’t optional or nice-to-have in a zero trust strategy; it’s fundamental. Relying solely on usernames and passwords for access control is, frankly, untenable in 2024. Passwords are stolen, guessed, reused across services, and vulnerable to social engineering—they simply don’t provide sufficient assurance of user identity.
MFA requires users to prove their identity through at least two independent factors. These typically fall into categories like something you know (a password), something you have (a hardware token or authenticator app), and something you are (biometric data). In banking systems—one of the episode’s practical examples—MFA has become standard practice. When you access your bank account online, you’re typically required to enter a password AND verify your identity through a secondary method, such as a code generated by an authenticator app or received via SMS.
In enterprise environments, MFA extends this principle across all access points: email, VPNs, cloud applications, internal systems, and remote desktop protocols. Organizations that skip or delay MFA implementation are essentially leaving their front door unlocked, relying on the assumption that no one will try to enter—a bet that adversaries are all too willing to take.
The challenge isn’t understanding why MFA is necessary; it’s implementing it in a way that doesn’t create friction for legitimate users. Organizations must carefully select MFA methods that balance security with usability, because overly cumbersome authentication mechanisms can drive users toward dangerous workarounds.
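To make the "something you have" factor concrete, here is an added example (not code from the episode or from any product it mentions) of how a server verifies a time-based one-time password of the kind an authenticator app displays. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library only, tolerates one time step of clock drift, and refuses to accept a code for a time step that has already been used, so a code captured once cannot be replayed. The secret, the 30-second step, the six-digit length and the one-step drift allowance are the RFC defaults and are assumptions of this example; the demo secret is the RFC test seed and must never be used for a real enrolment.

```python
import base64
import hashlib
import hmac
import struct

# Constructed demo secret: the RFC 4226/6238 test seed "12345678901234567890",
# base32-encoded the way an authenticator app stores it.  A real enrolment
# generates a random secret per user; never reuse this one.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

TIME_STEP = 30           # seconds per TOTP step (RFC 6238 default)
DIGITS = 6               # code length shown to the user
ALLOWED_DRIFT_STEPS = 1  # accept one step either side to tolerate clock skew


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226) for a given counter value."""
    key = base64.b32decode(secret_b32, casefold=True)
    msg = struct.pack(">Q", counter)                      # 8-byte big-endian counter
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, at_unix_time: int, step: int = TIME_STEP) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the time-step counter."""
    return hotp(secret_b32, at_unix_time // step)


class TotpVerifier:
    """Server-side check of a submitted TOTP code.

    Tolerates a small clock drift and never accepts a code for a time step that
    has already been consumed, so an observed code cannot be replayed.
    """

    def __init__(self, secret_b32: str, step: int = TIME_STEP,
                 drift: int = ALLOWED_DRIFT_STEPS) -> None:
        self.secret_b32 = secret_b32
        self.step = step
        self.drift = drift
        self.last_accepted_counter = -1   # highest time-step counter already used

    def verify(self, submitted: str, now_unix_time: int) -> bool:
        if not (submitted.isdigit() and len(submitted) == DIGITS):
            return False
        current = now_unix_time // self.step
        for delta in range(-self.drift, self.drift + 1):
            counter = current + delta
            if counter <= self.last_accepted_counter:
                continue                                   # replay: step already used
            expected = hotp(self.secret_b32, counter)
            if hmac.compare_digest(expected, submitted):   # constant-time comparison
                self.last_accepted_counter = counter
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(DEMO_SECRET_B32)
    code = totp(DEMO_SECRET_B32, 59)         # what the app would display at t=59
    print(code, verifier.verify(code, 59))   # first use: accepted
    print(code, verifier.verify(code, 61))   # same code again: rejected as a replay
```

The replay check is the part most home-grown verifiers omit: without it, the drift window means a code stays valid for up to 90 seconds and can be submitted twice. A TOTP app also avoids the interception and number-porting weaknesses of SMS delivery, which is why practitioners prefer app or hardware-token factors where the user base can support them.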
Endpoint Protection and Device Trust
Zero trust extends beyond user identity verification to include device trust. Your endpoints—laptops, desktops, mobile devices, tablets—are the gateways through which users access organizational resources. If an endpoint is compromised by malware, ransomware, or other malicious software, even a legitimate user with valid credentials becomes a vector for unauthorized access.
Effective endpoint protection in a zero trust context requires several layers. First is preventive protection: antivirus, anti-malware, and behavioral threat detection that stops malicious code before it can execute. But endpoints also need continuous monitoring and compliance verification. Before granting access to sensitive resources, a zero trust system verifies that the endpoint meets security baselines—that its operating system is up-to-date with patches, antivirus definitions are current, encryption is enabled, and no suspicious processes are running.
This is where device compliance checks become critical. Rather than trusting that an endpoint is secure because it’s registered to your organization, zero trust systems continuously verify compliance. If a device falls out of compliance—perhaps because an employee missed critical security patches—access can be restricted until remediation occurs.
Network Segmentation: Limiting the Blast Radius
Once an attacker gains access to a network, zero trust uses segmentation to limit how far they can move. Network segmentation divides your infrastructure into logical zones, with strict controls governing communication between segments. The episode mentions a practical example: “limiting access to specific servers based on individual roles.” This reflects the principle of least privilege—users and systems receive only the minimum access required to perform their functions.
In a heavily segmented zero trust network, even if an attacker compromises a user’s credentials and gains access to a lower-security segment, lateral movement to critical systems is blocked by network policies. A contractor who needs access to certain development servers, for example, would be unable to reach human resources databases or financial systems—not because they lack network connectivity, but because the network architecture explicitly prevents that communication.
Segmentation also makes it harder for malware to propagate. A worm that successfully infects one segment can’t automatically spread throughout the enterprise; it’s contained by the segment boundaries.
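The device-compliance checks and the role-based segmentation described in the two sections above come together in a single policy decision. The following added example (my own illustration, not code from the episode or from any vendor it names) is a small default-deny policy engine: an access request passes only if the user has satisfied MFA, the device meets every baseline check, and the user's role is permitted to reach the segment that holds the target resource. The resource-to-segment map, the role permissions, the 30-day patch and 7-day antivirus thresholds, and the sample devices are all constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed policy data: which segment each resource lives in and which
# segments each role may reach.  Anything not listed is denied.
RESOURCE_SEGMENT = {
    "dev-build-01": "dev",
    "hr-db": "hr",
    "fin-ledger": "finance",
}
ROLE_ALLOWED_SEGMENTS = {
    "contractor-dev": {"dev"},
    "hr-analyst": {"hr"},
    "finance-ops": {"finance"},
}
MAX_PATCH_AGE = timedelta(days=30)        # assumed baseline thresholds
MAX_AV_DEFINITION_AGE = timedelta(days=7)


@dataclass
class DevicePosture:
    device_id: str
    managed: bool                 # enrolled in the organisation's device management
    os_patch_date: date           # date of the last applied OS patch
    av_definitions_date: date     # date of the last antivirus signature update
    disk_encrypted: bool
    suspicious_processes: list[str] = field(default_factory=list)


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool
    device: DevicePosture
    target: str                   # resource the user is asking to reach


@dataclass
class Decision:
    allow: bool
    reasons: list[str]            # empty when allowed; otherwise what must be remediated


def posture_findings(dev: DevicePosture, today: date) -> list[str]:
    """Compliance checks against the security baseline; each failure is a finding."""
    findings = []
    if not dev.managed:
        findings.append(f"{dev.device_id}: device is not managed")
    if today - dev.os_patch_date > MAX_PATCH_AGE:
        findings.append(f"{dev.device_id}: OS patches older than {MAX_PATCH_AGE.days} days")
    if today - dev.av_definitions_date > MAX_AV_DEFINITION_AGE:
        findings.append(f"{dev.device_id}: antivirus definitions stale")
    if not dev.disk_encrypted:
        findings.append(f"{dev.device_id}: disk encryption disabled")
    if dev.suspicious_processes:
        findings.append(f"{dev.device_id}: suspicious processes {dev.suspicious_processes}")
    return findings


def evaluate(req: AccessRequest, today: date) -> Decision:
    """Default-deny decision: identity, device posture and segment policy must all pass."""
    reasons = []
    if not req.mfa_verified:
        reasons.append("MFA not satisfied")
    reasons.extend(posture_findings(req.device, today))
    segment = RESOURCE_SEGMENT.get(req.target)
    if segment is None:
        reasons.append(f"unknown resource {req.target}")
    elif segment not in ROLE_ALLOWED_SEGMENTS.get(req.role, set()):
        reasons.append(f"role {req.role} may not reach segment {segment}")
    return Decision(allow=not reasons, reasons=reasons)


# Constructed sample data used by the demo below.
TODAY = date(2024, 6, 1)
COMPLIANT_LAPTOP = DevicePosture("lt-0042", True, date(2024, 5, 20), date(2024, 5, 31), True)
UNPATCHED_LAPTOP = DevicePosture("lt-0099", True, date(2024, 3, 1), date(2024, 5, 31), True)

if __name__ == "__main__":
    contractor = AccessRequest("c.jones", "contractor-dev", True, COMPLIANT_LAPTOP, "dev-build-01")
    print(evaluate(contractor, TODAY))                       # allowed
    hr_attempt = AccessRequest("c.jones", "contractor-dev", True, COMPLIANT_LAPTOP, "hr-db")
    print(evaluate(hr_attempt, TODAY))                       # denied: wrong segment
    stale = AccessRequest("c.jones", "contractor-dev", True, UNPATCHED_LAPTOP, "dev-build-01")
    print(evaluate(stale, TODAY))                            # denied until patched
```

Returning every failed check rather than the first one is deliberate: the denial message doubles as the remediation list the text calls for, and the same structure is what a NAC or ZTNA platform evaluates on each request rather than once at enrolment.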
The Consumer Parallel: Making Zero Trust Relatable
The episode highlights that zero trust principles aren’t abstract—they’re already familiar to most people through consumer applications. When you configure privacy settings on social media, you’re implementing a form of zero trust: you’re verifying who can see your profile, posts, and personal information. Similarly, parental controls on children’s devices represent a zero trust model—you’re controlling what content can be accessed, who can contact the child, and what actions are permitted, based on explicit trust rules rather than assuming open access.
These consumer examples are valuable for explaining zero trust concepts to executives and non-technical stakeholders. The principle is intuitive: you explicitly control who can do what, rather than assuming broad access is safe.
Continuous Monitoring and Improvement
An important theme throughout the episode is that zero trust is not a destination but a journey. Implementing MFA today doesn’t mean your security posture is permanently improved; it’s a foundation on which you build. Zero trust requires ongoing assessment, monitoring, and evolution. New threats emerge, user behaviors change, technologies advance, and your security architecture must evolve accordingly.
This continuous improvement mindset means regular reviews of access policies, monitoring of user behavior for anomalies, assessment of new technologies that can enhance zero trust capabilities, and updates to your implementation as the threat landscape shifts.
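The "monitoring of user behavior for anomalies" mentioned above is what a SIEM rule does over authentication logs. As an added example (not from the episode or any product it describes), the script below parses a constructed authentication log and raises two kinds of alert: a user authenticating from a device not in their known-device baseline, and three MFA failures for one user inside a five-minute window. The log format, the baseline, the threshold and the window are assumptions of the example; malformed lines are skipped rather than allowed to stop the pipeline.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample authentication log, one event per line.
SAMPLE_LOG = """\
2024-06-01T08:02:10Z user=c.jones device=lt-0042 result=mfa_ok
2024-06-01T08:05:30Z user=a.ruiz device=lt-0077 result=mfa_ok
2024-06-01T09:10:00Z user=a.ruiz device=lt-0077 result=mfa_fail
2024-06-01T09:10:45Z user=a.ruiz device=lt-0077 result=mfa_fail
2024-06-01T09:11:20Z user=a.ruiz device=lt-0077 result=mfa_fail
2024-06-01T09:12:00Z user=a.ruiz device=lt-0077 result=mfa_ok
2024-06-01T13:40:05Z user=c.jones device=unknown-99 result=mfa_ok
this line is malformed and should be skipped
"""

# Assumed baseline: devices each user has previously authenticated from.
KNOWN_DEVICES = {"c.jones": {"lt-0042"}, "a.ruiz": {"lt-0077"}}

FAIL_THRESHOLD = 3                  # failures that trigger an alert ...
FAIL_WINDOW = timedelta(minutes=5)  # ... within this sliding window

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) device=(?P<device>\S+) result=(?P<result>\S+)$"
)


@dataclass
class AuthEvent:
    ts: datetime
    user: str
    device: str
    result: str


def parse_line(line: str):
    """Return an AuthEvent, or None for a line that does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return AuthEvent(ts, m["user"], m["device"], m["result"])


def detect(lines, known_devices):
    """Scan log lines in order and return (kind, user, detail) alerts."""
    alerts = []
    failures = defaultdict(deque)   # per-user timestamps of recent MFA failures
    seen_new = set()                # (user, device) pairs already alerted on
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        # A device outside the user's baseline is reported once per (user, device).
        if ev.device not in known_devices.get(ev.user, set()) and (ev.user, ev.device) not in seen_new:
            seen_new.add((ev.user, ev.device))
            alerts.append(("new_device", ev.user, f"{ev.device} at {ev.ts.isoformat()}"))
        # Sliding-window count of MFA failures; fires once when the threshold is crossed.
        if ev.result == "mfa_fail":
            window = failures[ev.user]
            window.append(ev.ts)
            while window and ev.ts - window[0] > FAIL_WINDOW:
                window.popleft()
            if len(window) == FAIL_THRESHOLD:
                alerts.append(("mfa_fail_burst", ev.user,
                               f"{FAIL_THRESHOLD} failures within {FAIL_WINDOW}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines(), KNOWN_DEVICES):
        print(alert)
```

In the sample data the three failures for a.ruiz are followed by a success, which is exactly the sequence worth a second look (a push-fatigue or guessed-code pattern), while the unknown device for c.jones is a candidate for step-up verification rather than an automatic lockout. The baseline itself should be refreshed from accepted authentications over time, which is the "continuous" part of continuous monitoring.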
Implementation Considerations
Start with Assessment and Planning
Before implementing zero trust technologies, conduct a thorough assessment of your current environment. Identify your critical assets, understand your current access patterns and user behaviors, and map the dependencies between systems and applications. Rushing into implementation without this foundational understanding often leads to policies that are either too restrictive (harming productivity) or inadequately protective (missing security gaps).
Prioritize Multi-Factor Authentication
MFA should be one of your first implementations—it’s foundational, has clear security benefits, and while not trivial to deploy organization-wide, is more straightforward than some other zero trust components. Start with highest-risk access vectors: remote access, administrative accounts, and access to sensitive systems.
Choose the Right Tools for Your Environment
Zero trust requires multiple technologies working in concert. You’ll need:
- Identity and Access Management (IAM) systems to manage user identities and access policies
- Endpoint detection and response (EDR) tools for endpoint monitoring and threat response
- Network access control (NAC) to enforce endpoint compliance
- Cloud access security brokers (CASBs) if you’re using cloud applications
- Zero trust network access platforms (sometimes called “zero trust VPN”) for secure remote access
- Security Information and Event Management (SIEM) for monitoring and alerting
No single vendor can provide all these capabilities effectively. A multi-vendor approach, thoughtfully integrated, provides better coverage and avoids vendor lock-in.
Plan for User Experience
Balancing security with usability is not optional—it’s critical to successful implementation. Overly restrictive policies that prevent users from doing their jobs will be circumvented. When designing access controls, consult with the teams whose work will be affected. Understand their legitimate use cases and design policies that protect against threats while enabling productivity.
Implement Gradually
Rather than attempting a “big bang” implementation, consider a phased approach. Pilot zero trust controls in one department or for one application category, learn from the experience, and scale from there. This allows you to identify problems and refine your approach before enterprise-wide deployment.
Key Takeaways
Zero trust is a philosophy, not a product: It’s an industry concept that requires assembling components from multiple vendors and integrating them into a cohesive security architecture.
MFA is non-negotiable: In a zero trust strategy, multi-factor authentication is foundational. Passwords alone are insufficient for verifying user identity in any organization.
Endpoints must be verified continuously: Zero trust doesn’t simply trust that a device is secure because it’s registered to your company. Devices must continuously demonstrate compliance with security baselines before accessing resources.
Network segmentation limits damage: By dividing your infrastructure into segments with strict inter-segment controls, zero trust limits how far an attacker can move even if they’ve compromised user credentials.
Balance security with usability: Policies that are too restrictive will be circumvented. Effective zero trust implementation accounts for legitimate user needs and maintains a consistent experience despite enhanced security controls.
Plan before you implement: Assess your environment, identify critical assets, understand current access patterns, and avoid rushing into implementation. Thoughtful planning prevents painful mistakes and rework.
Zero trust is a continuous journey: Implementation doesn’t end with deployment. Zero trust requires ongoing monitoring, assessment, policy refinement, and evolution as threats and technologies change.
Why This Matters
For IT professionals and security practitioners, zero trust represents a fundamental shift in how we think about security architecture. The traditional perimeter-based model has demonstrably failed; major breaches routinely involve attackers who successfully entered the network and then moved laterally to access sensitive assets. By the time detection occurs, the damage is often extensive. Zero trust, by contrast, assumes compromise and works to prevent attackers from achieving their objectives through constant verification and network segmentation.
The imperative to move toward zero trust isn’t coming from academics or consultants with theories to sell—it’s coming from the real-world lessons learned from countless security incidents. Government agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), have begun mandating zero trust approaches. Enterprise customers are increasingly requiring zero trust capabilities in the vendors they select. The market is moving this direction with or without universal buy-in, and organizations that delay face growing risk.
Moreover, zero trust aligns with broader trends in modern IT. As organizations adopt cloud services, embrace remote work, and rely on contractors and partners with network access, the assumption that everyone inside your network boundary is trustworthy becomes untenable. Zero trust accommodates this new reality, enabling secure access from anywhere for legitimate users while constraining opportunities for attackers. For security professionals tasked with protecting increasingly complex, distributed infrastructure with limited budgets and staff, zero trust principles offer a framework for making smarter decisions about where to invest security efforts and how to architect defenses that actually work.
---
Listen to the full episode on [YouTube](https://youtube.com/@SecurityIn45) or subscribe via [RSS](https://media.rss.com/security-in-45/feed.xml).
Full Transcript
Good afternoon everyone or if you’re in the West Coast good morning to you today is Friday October 27th And welcome to our second session of Security in 45. Andres, like, can’t believe it’s been a month since our last session But anyway each of these sessions in this webinar series It’s gonna focus on unique security challenges in the industry and we want to talk about how to stay ahead of the game No slides just good conversation. That’s the model for the show And again, we invite you to enjoy this however is best for you in terms of consuming So if you want to watch in Listen in on your headphones from your lunch break jam a walk around the neighborhood, whatever I hope you enjoyed the last session on Firewalls and if you missed that check out the recording it really covered some great information about the evolution of Cisco’s firewalls All the way up to the latest and greatest in firepower I’ll tell you what’s on the agenda for today Well, I’m very excited to be here after one month. This is super awesome Today we have a really nice discussion about XDR. So I know everybody’s excited about it, you know, we’ve been hearing So much about it for the last few months and today we’re joined by three Incredible and talented and experienced security experts.
So I’m super excited about that. I know we have Brianna She’s the director of Product management for XDR. We have Nate Austin He said we shouldn’t call him a legend But we know he’s a legend and a technical solutions architect and then we also have Matt Robertson. He’s a distinguished technical engineer Now the three of them bring a lot to the table and this is going to be the intention is going to be a very relevant Security conversation and we couldn’t be more thrilled to get it started with you guys.
So welcome Thanks, I’m good Brianna, I think the first question I’ll kind of direct it to you just to start it off and then anyone can just chime in but you know XDR, you know That you know, what does that mean to the industry? Maybe not Cisco specific, but just when someone hears about XDR What are we talking about there? Thanks Mike and thanks again for the opportunity to be here today with such esteemed colleagues I think it’s a great question and it’s a great question not because people don’t know how to break out an acronym But because the breaking out of that acronym has been interpreted so broadly over the last five at least years And that it’s really important for us to take a pause and think through what XDR should mean for us today So I will start by breaking out the acronym It stands for extended detection and response and it’s really important to think through those three words Almost separately and then what they should mean coming together So when we think of XDR, there are other letters or words that have come in front of the DR previously Endpoint detection and response for EDR, network detection and response for network and so forth And threat detection and response or detection and response and hunting is not a new concept at all The way that we do it, the way that we have to do it, the way that we respond to adversaries has changed over the years And has forced an evolution of our processes and then the tools But the tools have not always kept ahead of what is needed for catching these adversaries So the extended is the first piece It’s how we think through extending that visibility and that detection capability through the entire environment So not just looking at it from an endpoint centric perspective Even though endpoint telemetry and endpoint detections are really rich and really critical into understanding really what’s happening in an environment It’s about going beyond that How can the email come into play? 
How can the network come into play?
And some of the analysts out there right now are actually looking at it very much in that way There’s definitions from Gartner, for example, around it being a unified security incident detection and response platform That is automatically collecting and correlating data from multiple security components IDC has a different definition, but it expands into saying that endpoint and network telemetry is critical in play And bringing those together in a same or similar correlated model So that extension is key and understanding how we extend through all of our vectors and all of our security components And then I need to detect what’s happening in my environment and be able to equally respond to that So when we think about it today, XDR, our opinion, not just Cisco, but as practitioners, is that it’s an expression of business needs I need to be able to detect and respond in a meaningful way across my extended environment and understanding what happened there By correlating, not just aggregating that information together to really understand what happened Amazing. That’s excellent. Yeah, and as you were describing that, just in my mind, I was thinking If we have all this correlation together and we’re talking about the X, the D, and the R components I’m just thinking about pain points that can be alleviated and we’ll get to those here in a little bit But I’m just starting to go through my mind about the time savings and that nature of activities Where we only have maybe one or two people running our sock, for example So thank you for that great answer there. 
Yeah, thank you for that And now we do have another question and this one, Nate, I’m going to start with you on this one We’ve heard so much about XDR in the past few months But I guess our listeners and the people watching us today would like to know why do we need XDR And if I extend on that question also, what are the problems or challenges that XDR is going to solve for us today If you don’t mind spending a little bit on that Sure, so starting off with just to tack on to what Brianna said, the definition is so vague And if you talk to five different people, you’re going to get five different answers on what it is and why you need it If you talk to the identity team, they’re going to say it starts and ends with identity If you talk to an endpoint team, they’re going to say it starts with the endpoint Cisco is obviously a massive networking company and we believe the network has to be foundational to that As well as all the other components But I think we really need XDR because of the changing nature of the threats We’re not going to catch a threat with a single solution, with a point product anymore The detection of malware isn’t really reliable anymore The tools need to focus on the attacker, not the actual files and destinations that they’re going to Because they’re using a lot more advanced TTPs, tactics, techniques and protocol and procedures That they’re using to try to evade traditional security tools So we can’t just look at the file hash on the system anymore and say, oh yeah, that’s malicious, we need to block it They’re moving around that, they’re using things like spearfishing, things like privilege escalation Other techniques, network connections discovery Those are things that a traditional tool may not catch, but when we aggregate all that data together And look at it from a more holistic point of view across the entire security environment that the customer has That gives us a lot more chance to detect these sorts of events and bubble them up to 
the right people to take action on them That’s good call effects One more thing, there’s also, this is hard, right?
Being a security incident responder, there’s hard work, right? There’s a lot of turnover in the security space, right? Especially in tier one SOC analysts, they’re moving up to tier two, tier three, they’re moving on to new positions, right? So being able to kind of augment what they can deliver and help them be more effective at their job Provide the tools for them to up level their own skills and up level the organization’s response That’s also what XDR is trying to do, right?
We don’t want them spending their time on things that aren’t going to make a difference We really want to bubble up the things that are going to make the biggest risk reduction to the enterprise That’s a good call out Actually, yeah, for all the things that I’ve seen about XDR, you know, super excited about all that visibility All those things that we get to see with the tool, it’s pretty cool, I will say that Just to add on to that, I think in my view, as Brianna was describing what XDR is for the industry And Nate, that quote unquote bubbling up effect, I mean that was one of the main pain points I was thinking about Just the massive amount of alerts coming from all these products and like where do we start? And Brianna, you were talking about correlating data together I guess if we can do that, then to your point, Nate, we could really bubble up the stuff that’s more important to us there Especially for the… The end goal of security isn’t to close as many tickets or incidents as we can, right? The end goal is to catch the attackers, right?
To stop the malicious traffic So that’s what we need to do is make the most relevant incidents bubble up so that we can take action and respond to them effectively Yes, and like Nate and Matt have probably heard this example from me a million times and won’t be tired of hearing it But to Nate’s point, I use an example of the time that if I come home and I see that my front door is unlocked I might think that that’s a little weird because I’m used to locking my front door But in and of itself, it’s an alert that I would have to track down with no additional context And no information on letting me know definitively that as an asset in my environment That door was definitely locked when I left or context that somebody else in my house came in and out and failed to unlock it in between So chasing that down would take a lot of effort, right? But if I now walk into my house and I see that it’s not just that the door is unlocked Actually, it wasn’t even closed, right? It wasn’t closed on the threshold That gets a little weirder. I’m coming home like, hmm, I usually lock my door I don’t think anybody in my house would leave it completely open even, you know, trying to be flush but open That’s a little weird and still don’t have any proof that anything happened But I might cautiously walk into my house being concerned about what’s going on Maybe somebody’s hurt.
Is somebody broken in? As I move forward and I don’t see anybody in the house, but I see something like my TV missing Now I have a lot more context to start to say, huh? Well, last time I checked we weren’t moving our TV today And I don’t think that somebody would have walked out without it and now I might even be more concerned that somebody’s still in the house But maybe I checked that out and nobody’s there The version of the story is with more information coming from additional sources of detail I can understand that I likely have had somebody break into my house and steal my TV And if I had something even more definitive start to think like endpoint level telemetry Like a camera in my house where I can now go to the video and see it happening I could potentially see somebody walking out of my house with my TV and now I would know 100% what happened But if I were just looking at those different sources, yes, the security camera might have given me that But if I only had a camera in one part of my house, it might not show me how they got it, right? So all of those little pieces together help me understand what Nate was saying quickly what happens I’m a sock engineer.
It’s an analyst. Excuse me. I don’t have as much time to go through each of those individual items as maybe I once did Because there’s thousands of them in a day putting all of that together and now having an understanding of a likely response I’m okay to stay in the house because nobody’s in it But I should potentially call the police or at least my insurance company that guidance is what we’re trying to look at people receiving with XDR I’m gonna sell that example. Unfortunately, in my case, my eight-year-old would have just left the door open and my dog would be running around You just have to augment it a little bit, Nate So my kid ran out and the dog went with them.
Nobody was there to bark when somebody tried to steal my TV You know, in terms of the response part of that, it would be great if I could get notified that my TV was missing Because if there was an important sports game I was coming home to watch I would need to know to go straight to the bar after we involved the police and I will also like to use or maybe steal that example Because I think it outlines XDR pretty much I liked it All right, Matt We’ve covered XDR as a definition, general concepts of it and the pain points it addresses What about Cisco’s involvement in XDR? How is Cisco taking an approach into XDR? I know there’s a new thing called Cisco XDR I’m curious how we, being Cisco, align with that industry definition So that industry definition just kind of emerged as an idea As Brian was kind of saying, there’s always been threat detection response products Extended detection response conceptually was just like, hey, we need to make random detection response better than it was We extend it, it’s better So there’s different ways you can approach that, which is we make an individual product better, which is what some vendors will do But we at Cisco are like, hey, we actually have a lot of products And then we can make each individual one better or what we could do is create a whole new product and call it XDR And that’s what we have So Cisco XDR is actually a new product offer A new product offer that is built upon downstream data sets And then that really feeds into our strategy was like, we wanted to create a productivity tool for the Security Operations Center Our unofficial official guiding principle was make every tier one analyst as effective as a tier two Which really just means get all of the appropriate data presented to the user in such a way that they can make decisions faster and more effectively And that’s what Cisco XDR is, it is a productivity tool It is not new, it is on top of all the other products And because we made that decision, it is a 
product on its own, it is not an enhancement to existing products, it’s a new product That also fed into our strategy on the need to be open in the sense that Cisco XDR integrates with products that aren’t ours, aren’t Cisco products Regardless of what endpoint detection response product you own, you can get value out of Cisco XDR Regardless of what network detection response product you own, you can get value out of Cisco XDR Regardless of what firewalls you own, you can get more value out of it And so we have a list of strategic integrations that we’re going to curate and we’re going to bring forward And then there is the ability to build your own and all that fun stuff that you can do But we’re looking at, we’re an open ecosystem The XDR product is a thing that stands on its own, it is about providing efficiency to the Security Operations Center And so that was our first major decision, product needs to be open The other thing that we did is we were looking at what does it mean to be extended detection response? What are the most foundational pieces of data that a security operator needs to do their job?
The easy one was endpoint, its foundational to the Security Operations Center The other one that was really high on the list is network data And not just firewall logs, network data, meaning network logs, flow logs, describing east-west communication in the environment And we looked at our products based on, hey, we’re masters at network analytics already We’ve got great product sets here, we’ve got great data, we know exactly how to succeed in this And so we made network detection and response foundational to our entire product strategy, to our approach to XDR Endpoint and network and firewall are foundational first-class citizens in Cisco XDR Outstanding, I think it’s pretty important about the open portion of that Because I think original attempts at XDR just didn’t work that well They’re going to work within their own vendor, but nothing external So that I think is pretty important And then certainly, yeah, that’s a great point about the network foundation there Because Brianna, you were mentioning at the beginning about maybe even bringing in email And Matt, if we’re really communicating across the network, I guess we’re going to have a much better view just beyond just the endpoint Especially when it comes to correlating threats as they spread Absolutely. Email is a really good example of something I was just talking with a customer about an hour ago and showing them what XDR does And they’re like, oh, can you block the email that that attachment came in on? 
I’m like, yeah, sure, you can work that out That’s as a response, here’s the badge, here’s the example I was talking through The user had been, there was a phishing email had gone in, they’d executed it, gone to a bad domain and all that Worked through investigation backwards, he’s like, hey, now can we just block that email next time it comes in, block that phishing That’s the thing that we want to be able to do From detection backwards through to the original point of infiltration And then, hey, let’s prevent that from going forward That’s exactly it The response part is, oh, go ahead, Andre I was just going to say the response part is key there because correlating all this data But Brianna, you talked about that TV being stolen If you could respond by automatically calling the police or, Matt, your example just automatically block that host or that email account The response portion being key I was going to mention something very similar, Mike, on the response The response is very key We’ve seen a lot of products out there that they promise that the response is going to be the main part of the product But we haven’t seen too much of that And I think this is bringing a lot of value to the product Just because we have multiple ways to respond, block that traffic, re-authenticate those ports There’s many things that we can do and we’d like to see the action on what we see today Awesome, that was Before we move maybe to the next topic, if I could just really quickly jump in on something you said Mike, you mentioned what people were looking at for XDR previously and maybe what they might be looking for now I think it’s important. 
Nobody’s trying to trash what happened for XDR previously, or what vendors who were really innovative in that space brought up and started thinking through. It’s just the difference of what you need now and then. People purchase new cell phones. They purchase new cell phones because, as much as I adore my BlackBerry, it probably wouldn’t serve me in the way I think it would today. I have fond memories of it. I still want one, I’m not going to lie. But when I think through it, it wasn’t going to do for me what my new phone will do. So you need to think through what Matt was just saying and what you were just saying when you’re looking for an XDR solution. Don’t look at XDR for what it was looked at five years ago. Look at it for what you need now and five years from now.

That’s a great point. I really miss my BlackBerry. I just remember jamming all those keys into that one little keypad. Did we just date ourselves?

No, not at all. It’s okay. We’ll definitely have a few people on the cast who will be like, what’s a BlackBerry? And that gives them a Googling event for later, and then they can share something that we both know.

There you go, yes. Yeah, so moving on to our next question. I know we talked a lot about what it is, what is Cisco doing, how we approach it. But I guess the one thing that I want to see is if we can see exactly who Cisco XDR is designed for. And Nate, if you don’t mind going through that, and then we go through the room just to make sure that we get our perspectives, and see who do you think XDR will be designed for today.

Yeah, sure.
So I might have a little different perspective on this. I’m in the field, so I’m talking with customers on a regular basis, so I kind of hear their input as well as what we think internally. And I’ve kind of heard across the spectrum that it’s for a lot of people. I think if you are, absolutely if you’re a customer that doesn’t have a mature SOC, this is right up your alley. This is a tool that can really provide an incident response kind of playbook for you. There’s Casebook’s ability to kind of structure your response to an event, and just correlate across multiple tools where you may not have the people that have the knowledge to do that without a tool that will help them accomplish that. So definitely customers and users without a mature SOC will definitely see value from this product. And I think that this is actually the first solution, I think, really that Cisco has had that really plays, is designed for the SOC. In a way, most of the other things are kind of targeted at the prevention, which is great; if we can prevent something from happening, we want to do that. But this is the first one where we’re really taking a step back and saying, hey, there’s going to be stuff that’s going to get through. We need to be able to correlate that and respond for you.

But I’ve also talked with larger customers with really mature SOC processes. They have their own playbooks, they have their own automation and orchestration capabilities. So some of those aspects they may not leverage in the system, but there are some areas where it can still help. It can still, that kind of tier one SOC analyst that are constantly turning over, maybe they don’t have the same experience to go and do the complex queries that are needed for some of those playbooks. Well, this can again help them look at some of those incidents and prioritize them from an early standpoint. Threat hunting, they can still use it for threat hunting capabilities with the tool. So even if you’re not using the full functionality, there’s still some benefit for larger customers with mature SOCs.

You’re not Cisco shops, right? So that’s another thing where in the past, if you had Cisco products, great, they’d work together. We have native integrations with our solutions, right? But if you have a third party solution, maybe those integrations don’t work so well, right? You have to code something custom. Well, XDR is built with that in mind. So if you are somebody with Microsoft Defender endpoint, right? We can still enrich and we can add endpoint context to those incidents from those applications, right? If you’re using Exabeam in your environment or Cybereason, we can enrich and decorate the incidents so that there’s more information there for them. If you’re a Palo shop, right? You can actually automate and orchestrate responses from XDR to Palo Cortex. So a lot of different things. If you’re CrowdStrike, we can create incidents. We can generate incidents based off of your endpoint, this is a non-Cisco endpoint, and then pull in our network telemetry and combine those together to build an attack chain. So you don’t have to be a Cisco shop to get value out of XDR, right? Security is a team sport. I think all vendors and we have to work together to…
Our enemy is not other vendors, our enemy is the adversaries, right?

Great point. I really like that last part, because yeah, preventing the threat is the key, and it really doesn’t matter which vendor or endpoint product you have, if we can work with them to kind of integrate that across the board.

Yeah, I think anyone in security, you know, we’re in it to stop the bad guys, right? I mean, that’s what we want to do, right? That’s why I’m here at least, so…

Excellent. Thank you, Nate. Now, in terms of the integrations, and Nate kind of just touched on one, Microsoft Defender, but can you tell me a little bit about the native integrations of Cisco XDR?
I think for the audience, if you have an example of like a real-life use case, maybe something that Cisco XDR could detect in one product and maybe use another product to respond, anything along those lines, I think that’d be really cool to hear.

Yeah, so we have a number of native integrations in Cisco XDR. We took the approach strategically, as I mentioned: foundational data sets like network and endpoint are able to provide data into the analytics engine. And we have a number that are in our near-term roadmap to continue to either provide data and/or enrich existing incidents. So what we’re really, really good at is detecting some… specifically in the network detection space, detecting things that you would otherwise have missed. So things like repetitive malware outbreaks, where you don’t necessarily have an endpoint detection and response product on every asset. So one of the reasons network is so foundational in my mind is everything is connected to the network, but not everything necessarily has an endpoint agent on it. By some stats, roughly 30% of assets inside of an enterprise might actually have an EDR on it. Other assets, printers, phones, OT devices, servers, etc., they might not have endpoint agents.

And so one customer, this is a story from a few years ago, we were working with had a repetitive malware outbreak. Same piece of malware, they’d find it, it kept popping up on AMP, or Cisco Secure Endpoint as we call it now. They’d get these detections that, oh, we’ve got it, we’ll clean it up; they were wiping assets on a regular basis. They were finding these detections that were showing up, but they never could figure out who patient zero was. We deployed, at the time, Secure Cloud Analytics, now a foundational part of XDR, to collect network flow data, run analytics, see what was happening inside of the department. And fairly quickly we found that patient zero, or the source of this malware outbreak, was actually an old network attached storage server that had been infected. And then, she said, there was no agent on it, it was just sitting there, had this piece of malware that kept going, sending its little payload around, and eventually ran somewhere, and the customer was having fun, and not having fun, with that particular outbreak. But patient zero, it was this old master who had featured this time, because we were able to trace the network activity back to this one particular asset and remediate that outbreak. And this goes through for a number of different ways you want to look at it. The only way to sometimes solve the advanced threat is you need data from multiple different domains: network, email, endpoint, cloud. All of these are native integrations that we have, and you need data correlated throughout.

That’s an amazing example of where Andres and Mike before were talking about the response piece as well, because there’s no response that’s being taken on that NAS system, because it doesn’t have anything on it to do that. But by bringing that information together, we would be able to help orchestrate a response, or at least guide a response, even if it was manual, to close that loop to stop that from happening, so that that malware didn’t keep getting accessed or propagated or popping up.

And I think that’s a great example about bringing the importance of that network telemetry as opposed to just the endpoint. Without that, Matt, it sounds like maybe that would have gone unresolved.

It would go on for years is what would happen. You can block it all you want on your, I’ll use the 30% number, you can block it all you want on 30% of the assets in your environment that have an effective EDR, but the rest of them don’t, for whatever reason.

And it’s crazy how those devices are overlooked today. You don’t think about it when you start thinking about that strategy. So that’s, I think, very impressive.

All right, I want to say something real interesting. We’ve been 33 minutes without talking about AI, and I’m about to break that record.

We could have gotten it. I guess the AI algorithm just kicked in, and like, it’s just been too long since no one mentioned me. Mind you, jumping in. It always wins.

Actually, I wasn’t… Yeah, last week we went on a presentation that was 20 minutes without talking about AI, so I actually feel very happy about that.

All right, so this question is for you, Brianna. I know you love that subject. And basically we want to know, and I think all of our listeners want to know, what is the role that we play in AI, that Cisco XDR will play in AI? I know Cisco as a whole has a whole story behind that, but what can you share about that?
Actually, Andres, I’m changing my tune. I love the question, right? The practitioner part of me is still looking for my German shepherd, another reference that people can Google, every time I hear AI nowadays. But at the same time, we need to embrace the benefit that AI can provide. But I think what’s really important is to think through: AI is more mainstream conversation now, but that doesn’t mean it’s new. And it doesn’t mean that there aren’t types of AI that have been in place for a while, or aspects to generative AI. So in Cisco XDR, Nate mentioned alerts and alert chains previously. That is not something that somebody is sitting there manually doing as your events come in; that would be insane. We would never be able to provide you with an extended detection and response incident in a timely fashion. So alerts coming in from different sources and being chained together, and that correlation of, did the event that happened on Mike’s system and the event that happened on Andres’ system, are those both part of the same event? That being correlated together is part of what we use AI for today.

Also, for when we look at things like dynamic and automated responses. So our ability to say, here’s a guidebook by which you can go through, and yes, that’s static, but as we continue to move forward in the development of XDR, making that more dynamic and saying something as simple as, when I look at what has been presented, I want to guide you to take a response. Maybe that response is to quarantine a system, maybe that response is to enact a quarantine rule on a firewall. And when we do that, what sort of context do we give you? Well, I wouldn’t want to present you, as an analyst who has little time and is trying to respond quickly and may or may not have all the same levels of knowledge, I wouldn’t want to present you with something that says block this IP when I’m not giving you an IP to do it with. And that’s a really small example, but those can get much more complex, related to what’s in your environment and what assets would you be authorized to block and not block in the first place. So that’s another way that we’re leveraging that.

It also is used to bring threat intelligence in. So not only to help create and combine threat intelligence, we leverage our Talos team and what they’re bringing together for that, but a lot of processing of more basic level threat intelligence comes at an AI layer. But it enriches threat hunting in our investigations, so being able to bring that enrichment in and understand what is happening or could have been related to a hunt or search that you have through your environment.

And then, when we think about why AI is so prevalent nowadays, we think of the boom that ChatGPT brought and showed people the cool things that could come out of something like a generative AI, and what we call a chat bot style usage of generative AI. And without getting into too many technical terms, there’s concepts behind that called things like large language learning models, where a model is simply learning. It could listen to Brianna speak all day and then try to understand not only how it would answer a question that you would ask Brianna, but how Brianna would phrase her question. What types of words would she use? How would she inflect upon that? So generative AI is not new. All Cisco products have had AI for a long time, and many of them are using things like large language learning models, including Cisco XDR. Matt mentioned email previously. That’s definitely been using it. When you think about how people write emails, right, how do I confirm that the email that’s sent from Brianna to Mike is from Brianna and not a business email compromise trying to trick Mike to do something because it sounds like Brianna? So when you think about things like that, that has a lot of that back end AI modeling built in it. And we will continue to assess AI and how to best use it and how to best present it in ways that’s not just delightful for our customers and lets them interact the way that they would like to, but in ways that are meaningful.

That’s awesome. That’s awesome. Yeah, we hear about AI so much, and many people realize that we’ve been doing AI for the longest time for many, many different things.

Yeah, and credit in the industry, so have others, right? I mean it’s not, it’s just something that is more relevant, I think, for common mainstream now that people may not realize. It’s in everything that you do. You know, a large vendor that you may purchase a lot of things from online and might have a device in your house or on your phone that you talk to, that’s AI in the background.

Yes, it’s going off. So what about, now the next one, and we might have to speed it up just a little bit for the sake of time for these next couple. But what about, is Cisco XDR a SIEM? Matt, I’ll give that one to you. Like I hear that all the time, like cool, this is a SIEM replacement, right?
The answer is no, is the short answer. That’s the TLDR one. The longer one is, so the fundamental difference is what data and visibility into data. Cisco XDR is an analytics engine. It is a SOC productivity tool. The objective is analytics on top of data to produce a detection, a prioritized detection, and guided response to it. Whereas a SIEM’s objective in life is to collect the data and provide that data to the user to build outcomes on top of it. We’re focused on the outcome, as opposed to on the data itself.

So would it be safe to say that Cisco XDR works with a SIEM?

Absolutely, we are complementary.

If you had a dime for every time that somebody asked you that question though, Matt, would you be able to retire by now?

Yes, short answer, yes. I’d keep working just because that’s like free money. Or a dime for every time someone’s like, what does XDR stand for?

Right. So many. Well, thank you for that.

Yeah, thank you for that. Actually, I think we’re running pretty short on time, so we’re going to fly through the next two questions. I think this one’s going to be important; our listeners are going to be very interested in this one. This one’s for you, Nate. What is Cisco’s plan for SecureX and Secure Cloud Analytics? If you don’t mind just going a little bit on that.

Yeah, sure. This actually came up in the Q&A as well, so very timely. I think of XDR as really the evolution of both SecureX and Secure Cloud Analytics. There are components of both that are in XDR. The detection and analytics engine of, I think Matt mentioned this earlier, the detection and analytics engine of Secure Cloud Analytics is the backbone of XDR. If you are an existing Secure Cloud Analytics customer, you are entitled to XDR. So we’re converting everyone’s accounts; you’ll get an XDR tenant, and you’ll be able to take advantage of some of the enhanced functionality that XDR can provide your organization.

SecureX was a little different. SecureX was kind of our first foray into an XDR space. I think that there were some benefits that SecureX provided around orchestration and automation capabilities that some users would like out of it, but it didn’t really deliver on the, and it wasn’t necessarily meant to deliver on, the full prioritization of its… So there’s a lot more functionality in XDR than SecureX. SecureX has been end of life. It was a solution that was granted as an entitlement to everyone who had a Cisco security product, but it is end of life at this point, which means that no new users are able to sign up for a SecureX account. If you do have a SecureX account, if you were using it, it will stay in place until, I believe, next July, but at that point it will essentially cease to exist. So if there is functionality in SecureX that customers are using today, it’s time to maybe look at what XDR can provide: is that the right option, are those use cases that we can address with XDR as well?
Good question. I think that’s on a lot of people’s minds, so thanks, Nate, for covering that. Brianna, I don’t know how deep you can get into this, and we really only got about 30 seconds anyway before we move on, but is there anything you can tell us maybe that’s up and coming for Cisco XDR, like any secrets or stuff on the roadmap?

Yeah, I think I could tap in a little bit. So hopefully people have heard about our Oort acquisition; if you haven’t, it’s in the identity threat detection and response space. So that piece is not secret, but what we can share is that, up and coming, we’re looking at bringing that into XDR, to bring identity as a source into XDR and really be able to respond and provide those meaningful capabilities. So that’s really exciting. Matt had mentioned the responsive capabilities, and we had talked about those guided responses, guiding people more and more towards being comfortable accepting automated response, so truly automated response. Hey, I’m going to lock the door, lock my robber in, and call the cops when I see the TV come off the wall. And being confident in doing that, things like that are what we’re going to try to continue to gain customers’ trust in. And then more around AI: so you have seen certain things around guided assistance through hunting and through investigations and incidents; that’s forthcoming as well. And I think we will leave it there for today.

Awesome, awesome. And if the, yeah, I didn’t get to see a little bit of Oort, or hopefully I’m saying that correctly.

No, it was pretty cool. All right, so do you want to say anything about some certain changes that are coming out for endpoint integrations that might actually be in production today?

So Nate snuck it in earlier, but yes, let’s call it out. So as we look at the integrations for what we’re doing around correlated incidents, going beyond the responsive and the enrichment and hunting capabilities, our CrowdStrike endpoint integration that allows us to create new incidents or have those events be correlated into incidents is in progress and/or deployed, to Matt’s point. So you’re hearing it straight out of the gate, live. You should be seeing that ASAP if you are an existing customer or testing it out, and if you’re not and you’re a CrowdStrike customer, come on, have a conversation with us. We would love for you to see it.

We have this question on the agenda.
I was not expecting this. This is great.

Yeah, me as well. Now, that’s one thing people probably don’t realize about the show: it’s not scripted. So I literally just did learn all that information. So thank you. That’s great. All right, so we’re up on time, but we did have three really serious questions. If you could just, we’re going to give you each one, just take 10 seconds to answer, and then we’ll kind of summarize this up and we’ll get out of here. Matt, I’m going to give this one to you, and just in 10 seconds or less. What number is higher per day: the number of times you get asked what XDR stands for, or the number of cups of coffee you drink in a day?

Number of times they explain what XDR is. It’s not even close.

Okay, okay. All right. All right, I’m going to go with the next one. And this is for you, Nate. If you could magically apply XDR to any routine of your life, what would it be?

I mean, I guess the prioritization and risk reduction, like XDR can provide you an incident. I guess I’d apply that to like my to-do list at home, like which, if I knock these things off, like which ones are going to get me yelled at less by my partner if I finish these. Right. So that’s my risk score that I’m trying to reduce.

I love that. Now, poking a little bit of fun at ourselves about how Cisco is always changing the names of all of our products and everything. Brianna, would you bet yes or no on whether Cisco will change the name of Cisco XDR within a year from today’s date?

I would bet no. Okay, no, especially if Matt and I are still here.

Okay, great. Excellent. Well, it’s always fun to poke a little self fun there. Andres, what do you say we recap this and get on our way here. I’ll tell you my big takeaways for today. We started off with that industry definition. I talked about a unified platform or correlating incidents. We talked about bubbling the ones up that are important. And then we had several examples of taking automated or manual responses. And I like Brianna’s example about that TV thing. I think that’s actually something I’ll be using. Matt touched on Cisco’s definition and how, you know, we’re known as a network company. Why don’t we use that ability when we’re talking about the threat correlation and response, so we can go beyond just the endpoint, and in terms of solving problems. Nate, you talked about who uses Cisco XDR, and just XDR in general, for quicker detection, the remediation, the threat hunting. And, you know, I really like to get that bubbling up so that we can just have some time back, especially for those teams that have just a couple people on their SOC. The native integrations are great. Matt, I think it’s really awesome that we’ve taken an open standard approach. CrowdStrike right at the end, that little teaser was pretty cool. So that we can, to Nate’s point, it’s about stopping the bad guy. We’re not… And it really shouldn’t matter kind of what endpoint product you have. So those are the big takeaways for me. Andres.

Also, Mike, thank you. In my case, I’m very excited about when we get to talk about AI, the artificial intelligence, when we get to talk about all those things. And still I feel something that I need to understand more. And it’s been there, kind of new, but it’s exciting. So I always welcome that. The XDR versus SIEM capabilities, I know we get a lot of questions every day from customers on this one, and I think it was very clear, the vision that we have with the products, and I’m very excited about it. Now moving on to some things that we may not see in the future that we’re seeing today: SecureX and Secure Cloud Analytics. You know, what is their purpose in life in a few months coming. That was really good. And the other thing, I wasn’t expecting the teaser on the CrowdStrike, so very excited about that. And yeah, that’s my take on the whole session, and just want to thank you all for taking the time.

Yeah, really big thank you. Brianna, Matt, Nate, for your time and expertise and just generally the good you do in the security industry. Really much appreciated. Okay. So, the next call, November 16th, topic: securing the user and the endpoint. Registration for that is open, I believe it is. Okay. All right. Well, I hope you’ve enjoyed this session of Security in 45. Stay safe and secure, everyone, and we will see you on the next episode. Bye. Thank you.

Have a good one, everyone. Thank you.